Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack

  /     /     /  
Publicated : 23/11/2024   Category : security

Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack


Malicious Comm100 files have been found scattered throughout North America, and across sectors including tech, healthcare, manufacturing, telecom, insurance, and others.


A new supply chain attack uses a Trojanized version of the Comm 100 Live Chat Application to compromise networks, and until Sept. 29, it was actively available for download from Comm 100s official website. 
The 
Comm100 Live Chat
application enables organizations to communicate with real-time chat and boasts more than 15,000 customers across 51 countries. 
Researchers with CrowdStrike reported the malicious Comm100 installer was available for download on the companys website and was signed on Sept. 26. 
Following the CrowdStrike disclosure, Comm100 has released an updated installer (10.0.9) on Thursday and is performing a deep analysis to learn more about the attack, the researchers said.  
Despite the relatively short lifespan of the
supply chain attack
, the malware was able to infect several organizations, with some infections still active.
The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe, the report on the
supply chain attack
 said. 
The CrowdStrike team members added they are moderately confident the threat actors are from China, based on several factors, including the use of the Chinese language in notes in the code. 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack